Advice Request Regarding on NVT EXE Radar PRO?

Av Gurus · Oct 8, 2015

I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.

Any help/idea?

Deleted member 178 · Oct 8, 2015

Av Gurus said:
I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.
Any help/idea?

I got the same too, i just keep clicking, i think next version should fix it.

hjlbx · Nov 5, 2015

Av Gurus said:
I'm sorry if this off topic but I have a question about NVTExe on Windows 10.

When I'm away 5min I get this message from NVTExe (picture), then click "WhiteList Process" and then again when I'm away get the same massage. I also click on "WhiteList Command-Line" but no help.
Any help/idea?

Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

You need to do this with, for example:

rundll32.exe
7-zip
PeaZip

if you white-list process, but process alert returns the next\another time.

When any vulnerable process is executed, it is best practice to white-list the command-line (if you know for sure it is legitimate, safe command-line) rather than white-listing the process. White-listing the vulnerable process will do nothing, since NVT ERP is designed to alert for any process on the black-list, even if you add that process to the white-list. Andreas designed it this way for maximum protection.

Av Gurus · Nov 6, 2015

hjlbx said:
Since it is rundll32.exe with parameters, you have to select "WhiteList Command-Line."

I did select that but it is the same....

hjlbx · Nov 6, 2015

Av Gurus said:
I did select that but it is the same....

View attachment 76020

Hmmm, I am sorry - I missed that part... that is annoying bug !

CMLew · Nov 28, 2015

Sorry to hijack since this post is about whitelisting also.
Wanted to ask, if it is advisable to whitelist all processes for a clean install PC (which include LibreOffice, Skype, FoxitPDF, firefox and chrome only).

Deleted member 178 · Nov 28, 2015

CMLew said:
Sorry to hijack since this post is about whitelisting also.
Wanted to ask, if it is advisable to whitelist all processes for a clean install PC (which include LibreOffice, Skype, FoxitPDF, firefox and chrome only).

if you plan to set ERP on lockdown mode, yes

CMLew · Dec 28, 2015

Question:
Ytd was using Sandboxie. After using, I delete content and then NVT alert pop-up, something had to do with "cmd" . I check again, the content since sandboxie has been deleted already.

Is it normal? I have it in Lockdown mode.

Deleted member 178 · Dec 28, 2015

yes because Sbie use cmd to delete its content , just "whitelist command line " next time it shows up on ERP

CMLew · Dec 28, 2015

Umbra said:
yes because Sbie use cmd to delete its content , just "whitelist command line " next time it shows up on ERP

However doesn't lockdown mode stop this? Or is it that I actually whitelisted it but placed it under vulnerable prog and hence the alert?

Deleted member 178 · Dec 28, 2015

it depend if you installed Sbie after or before ERP

CMLew · Dec 28, 2015

Umbra said:
it depend if you installed Sbie after or before ERP

ERP first and after a while SBIE..

Deleted member 178 · Dec 28, 2015

uhm did you use learning or install mode ?

i dont have this alert , im on LM too.

CMLew · Dec 28, 2015

I was in Learning Mode when installing SBIE. Let it run for few days and then change to Lockdown Mode.

Deleted member 178 · Dec 28, 2015

i think maybe because i did a clean install , installed all my sec apps first , installed ERP, add the full c:\windows to its whitelist (taht should include cmd)

hjlbx · Dec 28, 2015

@CMLew - you are smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.

CMLew · Dec 28, 2015

hjlbx said:
@CMLew - you are smart guy. You will quickly figure out NVT ERP because it operates in a way that makes sense\very intuitive.

No way! I don't want to be a smart guy. Smart guy don't get the hot chicks!

In any case, I will try to whitelist the commandline then. Again I'm hesitate to whitelist all the processes after so long.

hjlbx · Dec 28, 2015

CMLew said:
Smart guy don't get the hot chicks!

Really smart guy gets all the $$$ 1st.

Then no need to lift finger to get hot chicks.

Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

Deleted member 178 · Dec 28, 2015

hjlbx said:
Really smart guy gets all the $$$ 1st.

Then no need to lift finger to get hot chicks.

Confident, I could care less attitude with women works almost as well as lots of $$$ in attracting hot chicks.

that is true. you suck with girls at high school , but after you get the "payback" while in your brand new company startup office

Davidov · Jan 14, 2016

hello my NVT protection against exploits as voodooshield ??

Search

Search

Advice Request Regarding on NVT EXE Radar PRO?

Av Gurus

Level 29

Deleted member 178

hjlbx

Av Gurus

Level 29

hjlbx

CMLew

Level 23

Deleted member 178

CMLew

Level 23

Deleted member 178

CMLew

Level 23

Deleted member 178

CMLew

Level 23

Deleted member 178

CMLew

Level 23

Deleted member 178

hjlbx

CMLew

Level 23

hjlbx

Deleted member 178

Davidov

Level 10

You may also like...